Saturday, March 2, 2024

Breaking Down the SEO Poisoning Attack | How Attackers Are ... - SentinelOne

Last updated Thursday, January 19, 2023 11:05 ET , Source: NewsService

In recent weeks there has been a noticeable increase in malicious search engine advertisements found in the wild– an attack method known as SEO Poisoning, which can be considered a type of malvertising (malicious advertising). Industry colleagues have also observed this activity, as noted by vx-underground this week. There is an increasing variety in the specifics of the malware delivery method, such as which searches produce the malicious advertisements and which malware being delivered.

In the vast majority of these cases, attackers aim to opportunistically infect unsuspecting users with commodity malware, as we will examine below. However it is important to note attackers have used this technique in a variety of ways for years. One noteworthy example is the early 2022 report of BATLOADER and Atera Agent being delivered in such ways. Ultimately, the attackers are most successful in these scenarios when they SEO poison the results of popular downloads associated with organizations that do not have extensive internal brand protection resources.

In this post, we will examine an ongoing SEO Poisoning campaign related to Blender 3D, the open-source 3D graphics software, as an example of how these attacks are used to infect users via web searches.

Blender 3D SEO Poisoning

Mimicking the actions of an unsuspecting user, we performed a routine Google search for “Blender 3D” and examined the Ad results presented at the top.

Notably, the malicious ads being delivered by this search...

Read Full Story: https://news.google.com/__i/rss/rd/articles/CBMic2h0dHBzOi8vd3d3LnNlbnRpbmVsb25lLmNvbS9ibG9nL2JyZWFraW5nLWRvd24tdGhlLXNlby1wb2lzb25pbmctYXR0YWNrLWhvdy1hdHRhY2tlcnMtYXJlLWhpamFja2luZy1zZWFyY2gtcmVzdWx0cy_SAQA?oc=5

Your content is great. However, if any of the content contained herein violates any rights of yours, including those of copyright, please contact us immediately by e-mail at media[@]kissrpr.com.